diff --git a/flake.lock b/flake.lock index ccfe0c5..51588d6 100755 --- a/flake.lock +++ b/flake.lock @@ -103,11 +103,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1748012392, - "narHash": "sha256-ySnLv8+Z91PxcYA0royImfqDNyN/oijxE94ftUCR/vc=", + "lastModified": 1748622923, + "narHash": "sha256-UWxumIPPBxMl/UL9wu42M8SIDOzUscTc7CR7rgmxLrI=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "cfddf4d048eb19f03009c626e5ef3f1913cd063d", + "rev": "b5d4ae9b00b7a3216b27ec824f6621145ecd238b", "type": "github" }, "original": { @@ -124,11 +124,11 @@ ] }, "locked": { - "lastModified": 1747978958, - "narHash": "sha256-pQQnbxWpY3IiZqgelXHIe/OAE/Yv4NSQq7fch7M6nXQ=", + "lastModified": 1748627197, + "narHash": "sha256-7dTtcq4Yi78cHfZcJaxlqkNs+cDBotrHjR9mkXfiUz4=", "owner": "nix-community", "repo": "home-manager", - "rev": "7419250703fd5eb50e99bdfb07a86671939103ea", + "rev": "379c9fb858ef9abe92d5590e7502a7c1387c076a", "type": "github" }, "original": { @@ -180,11 +180,11 @@ }, "desktop-nixos-hardware": { "locked": { - "lastModified": 1747900541, - "narHash": "sha256-dn64Pg9xLETjblwZs9Euu/SsjW80pd6lr5qSiyLY1pg=", + "lastModified": 1748613622, + "narHash": "sha256-SLB2MV138ujdjw0ETEakNt/o2O+d/QtvNLlwaBZSWKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "11f2d9ea49c3e964315215d6baa73a8d42672f06", + "rev": "b9d69212b5e65620e7d5b08df818db656f7fefb3", "type": "github" }, "original": { @@ -196,11 +196,11 @@ }, "desktop-nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { 
@@ -262,11 +262,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1747392669, - "narHash": "sha256-zky3+lndxKRu98PAwVK8kXPdg+Q1NVAhaI7YGrboKYA=", + "lastModified": 1748500877, + "narHash": "sha256-j4gxE8pBB5OzwuQYpX0+uhoT3KPYDTf1lEnxH/5UOhw=", "owner": "nix-community", "repo": "fenix", - "rev": "c3c27e603b0d9b5aac8a16236586696338856fbb", + "rev": "8c0499eb59f1c2c07b3734c210480623e1fe90a1", "type": "github" }, "original": { @@ -598,11 +598,11 @@ ] }, "locked": { - "lastModified": 1747875884, - "narHash": "sha256-tdVx4kghhdy62LKuTnwE2RytOe8o88tah/yhpyuL0D4=", + "lastModified": 1748489961, + "narHash": "sha256-uGnudxMoQi2c8rpPoHXuQSm80NBqlOiNF4xdT3hhzLM=", "owner": "nix-community", "repo": "home-manager", - "rev": "f9186c64fcc6ee5f0114547acf9e814c806a640b", + "rev": "95c988cf08e9a5a8fe7cc275d5e3f24e9e87bd51", "type": "github" }, "original": { @@ -641,11 +641,11 @@ ] }, "locked": { - "lastModified": 1747893327, - "narHash": "sha256-9MVhGXDVDG3+eqzNsxK4n2uriPGVvjOvlxUKEEnGiAs=", + "lastModified": 1748411314, + "narHash": "sha256-fvtRp+oHGDLiSQico9+LTAr6Z8CU1AIldLYLQ9mHqjo=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "953023adda652e7ff9c64dacaa9f44da7c120191", + "rev": "9d69aed9023082af370b71bffdfcd414b6b61593", "type": "github" }, "original": { @@ -1066,11 +1066,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1747744144, - "narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { 
@@ -1145,11 +1145,11 @@ }, "nixpkgs-stable_4": { "locked": { - "lastModified": 1746055187, - "narHash": "sha256-3dqArYSMP9hM7Qpy5YWhnSjiqniSaT2uc5h2Po7tmg0=", + "lastModified": 1748421225, + "narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3e362ce63e16b9572d8c2297c04f7c19ab6725a5", + "rev": "78add7b7abb61689e34fc23070a8f55e1d26185b", "type": "github" }, "original": { @@ -1177,11 +1177,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1745930157, - "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", + "lastModified": 1748460289, + "narHash": "sha256-7doLyJBzCllvqX4gszYtmZUToxKvMUrg45EUWaUYmBg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "46e634be05ce9dc6d4db8e664515ba10b78151ae", + "rev": "96ec055edbe5ee227f28cdbc3f1ddf1df5965102", "type": "github" }, "original": { @@ -1636,11 +1636,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1747323949, - "narHash": "sha256-G4NwzhODScKnXqt2mEQtDFOnI0wU3L1WxsiHX3cID/0=", + "lastModified": 1748424207, + "narHash": "sha256-Ji0QYOigZOi/w2f3BigbGQIAkaELsvCQbgPGi8pkVFE=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "f8e784353bde7cbf9a9046285c1caf41ac484ebe", + "rev": "ed608f592e0a038db4d03ed4af58fd171bd3b3c0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ccb4f8d..602b9a0 100755 --- a/flake.nix +++ b/flake.nix @@ -362,6 +362,8 @@ desktop-impermanence.nixosModules.impermanence ./share/impermanence + desktop-sops-nix.nixosModules.sops + # Home Manager desktop-home-manager.nixosModules.home-manager { diff --git a/hosts/deck/configuration.nix b/hosts/deck/configuration.nix index 645e742..55645d2 100755 --- a/hosts/deck/configuration.nix +++ b/hosts/deck/configuration.nix 
@@ -14,6 +14,17 @@ ./sops.nix ]; + nix = { + settings = { + substituters = [ + "https://cache.mjallen.dev" + ]; + trusted-public-keys = [ + "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" + ]; + }; + }; + # Define a user account. Don't forget to set a password with ‘passwd’. users.users = { deck = { diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix index 8ae5c13..f4c6b45 100755 --- a/hosts/desktop/configuration.nix +++ b/hosts/desktop/configuration.nix @@ -82,7 +82,7 @@ let src = pkgs.fetchurl { url = "https://www.ocbase.com/download-bin/edition:Personal/os:Linux"; - sha256 = "sha256-WCRbB4K0B/h5QC8CVNbJkQn87XmBG6TawFTtfUclhNU="; + sha256 = "sha256-AomQNi7ODGaznFaHqxlFUcrV36QeLNC65MoCV2y6HZ8="; }; dontUnpack = true; @@ -111,6 +111,17 @@ in ../../share/amd ]; + nix = { + settings = { + substituters = [ + "https://cache.mjallen.dev" + ]; + trusted-public-keys = [ + "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" + ]; + }; + }; + chaotic.mesa-git.enable = true; # Environment configuration diff --git a/hosts/nas/configuration.nix b/hosts/nas/configuration.nix index 6439f76..e76ea66 100755 --- a/hosts/nas/configuration.nix +++ b/hosts/nas/configuration.nix @@ -4,6 +4,7 @@ { pkgs, + lib, ... }: { 
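Review bot: The `nix.settings` block that adds `https://cache.mjallen.dev` and its public key is pasted here and again in hosts/desktop, hosts/pi4 and hosts/pi5, so rotating the key means editing every copy, and a host that is missed keeps trusting the old key. Listing the key in `trusted-public-keys` means each of these hosts installs whatever the NAS signs without rebuilding it. That trust decision is easier to audit in one shared module imported by every host than in four host files. Wherever the block ends up, it deserves a comment such as `# self-hosted cache from hosts/nas/nix-serve.nix; signing key lives only on the NAS`.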
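Review bot: The new `sha256` in the `fetchurl` call is the only record of which upstream build is fetched, because the URL `https://www.ocbase.com/download-bin/edition:Personal/os:Linux` carries no version. A reader of this change cannot tell whether the hash moved because of a new release or because the served file changed, and the fetch will fail again the next time the vendor republishes. A comment beside the hash would help, for example `# upstream VERSION, hash refreshed DATE from the vendor download page`, or a versioned URL if the vendor offers one. The enclosing derivation starts outside the hunk.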
@@ -135,5 +136,41 @@ libvirtd.enable = true; }; - nixpkgs.config.allowUnfree = true; + # Enable nix flakes and nix-command tools + nix = { + settings = { + substituters = [ + "https://nix-community.cachix.org" + "https://cache.nixos.org/" + ]; + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; + warn-dirty = lib.mkForce false; + experimental-features = lib.mkForce [ + "nix-command" + "flakes" + ]; + trusted-users = [ "@wheel" ]; + }; + + # Garbage collect automatically every week + gc.automatic = lib.mkDefault true; + gc.options = lib.mkDefault "--delete-older-than 30d"; + + optimise.automatic = lib.mkDefault true; + }; + + # Nixpkgs configuration + nixpkgs = { + config = { + allowUnfree = lib.mkForce true; + permittedInsecurePackages = [ + # ... + ]; + }; + }; + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "vscode-extension-github-copilot" + ]; } diff --git a/hosts/nas/nix-serve.nix b/hosts/nas/nix-serve.nix index 04cd165..2f2431b 100755 --- a/hosts/nas/nix-serve.nix +++ b/hosts/nas/nix-serve.nix @@ -4,6 +4,7 @@ # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" services.nix-serve = { enable = true; + package = pkgs.nix-serve-ng; secretKeyFile = "/etc/nix/cache-priv-key.pem"; port = 5000; # Choose your preferred port openFirewall = true; @@ -11,11 +12,12 @@ # Improved systemd service with better error handling systemd.services.nix-rebuild-cache = { + enable = true; description = "Rebuild all NixOS configurations for cache"; serviceConfig = { Type = "oneshot"; User = "root"; - WorkingDirectory = "/etc/nixos"; # Update this path + WorkingDirectory = "/etc/nixos"; StandardOutput = "journal+console"; StandardError = "journal+console"; Restart = "no"; 
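Review bot: `trusted-users = [ "@wheel" ];` gives every wheel account on the NAS the rights the Nix manual describes as essentially equivalent to root, on the host that holds the cache signing key and serves store paths to the other machines. Unless a wheel user needs per-invocation substituters or unsigned imports, drop the line or narrow it to `trusted-users = [ "root" ];`. Separately, `allowUnfree = lib.mkForce true;` already permits every unfree package, so the `allowUnfreePredicate` list below it has no effect; keep one of the two. The comment `# Enable nix flakes and nix-command tools` also sits above a block that sets substituters, trust and garbage collection, so it should describe the whole block.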
@@ -38,14 +40,93 @@ git pull || echo "Warning: Could not pull latest changes" fi - # Run the build-all script - echo "Starting build of all systems at $(date)" - if nix run .#build-all; then - echo "All systems built successfully at $(date)" + echo "Starting build of matt-nixos at $(date)" + if nix flake update desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nixpkgs-darwin; then + echo "matt-nixos flake updated successfully at $(date)" else - echo "Some systems failed to build at $(date)" + echo "matt-nixos failed to build at $(date)" exit 1 fi + if nix build .\#nixosConfigurations.matt-nixos.config.system.build.toplevel --no-link; then + echo "matt-nixos built successfully at $(date)" + git add . + git commit -m "Desktop Updates $(date)" + else + echo "matt-nixos failed to build at $(date)" + git reset --hard + exit 1 + fi + + echo "Starting build of steamdeck at $(date)" + if nix flake update steamdeck-nixpkgs steamdeck-chaotic steamdeck-home-manager steamdeck-impermanence steamdeck-jovian steamdeck-lanzaboote steamdeck-nixos-hardware steamdeck-sops-nix steamdeck-steam-rom-manager; then + echo "steamdeck flake updated successfully at $(date)" + else + echo "steamdeck flake failed to update at $(date)" + git reset --hard + exit 1 + fi + if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then + echo "steamdeck built successfully at $(date)" + git add . 
+ git commit -m "Dteamdeck Updates $(date)" + else + echo "steamdeck failed to build at $(date)" + git reset --hard + exit 1 + fi + + echo "Starting build of jallen-nas at $(date)" + if nix flake update nas-nixpkgs nas-authentik-nix nas-cosmic nas-crowdsec nas-home-manager nas-impermanence nas-lanzaboote nas-nixos-hardware nas-sops-nix; then + echo "jallen-nas flake updated successfully at $(date)" + else + echo "jallen-nas flake failed to update at $(date)" + exit 1 + fi + if nix build .\#nixosConfigurations.jallen-nas.config.system.build.toplevel --no-link; then + echo "jallen-nas built successfully at $(date)" + git add . + git commit -m "Jallen-NAS Updates $(date)" + else + echo "jallen-nas failed to build at $(date)" + git reset --hard + exit 1 + fi + + echo "Starting build of pi4 at $(date)" + if nix flake update pi4-nixpkgs pi4-home-manager pi4-impermanence pi4-sops-nix pi4-nixos-hardware pi4-nixos-raspberrypi pi4-disko; then + echo "pi4 flake updated successfully at $(date)" + else + echo "pif flake failed to update at $(date)" + exit 1 + fi + if nix build .\#nixosConfigurations.pi4.config.system.build.toplevel --no-link; then + echo "pi4 built successfully at $(date)" + git add . + git commit -m "Pi4 Updates $(date)" + else + echo "pi4 failed to build at $(date)" + git reset --hard + exit 1 + fi + + echo "Starting build of pi5 at $(date)" + if nix flake update pi5-nixpkgs pi5-home-manager pi5-impermanence pi5-nixos-hardware pi5-sops-nix nixos-raspberrypi; then + echo "pi5 flake updated successfully at $(date)" + else + echo "pi5 flake failed to update at $(date)" + exit 1 + fi + if nix build .\#nixosConfigurations.pi5.config.system.build.toplevel --no-link; then + echo "pi5 built successfully at $(date)" + git add . + git commit -m "Pi5 Updates $(date)" + else + echo "pi5 failed to build at $(date)" + git reset --hard + exit 1 + fi + + git push ''; # # Send an email on failure (optional) # startPost = '' 
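Review bot: The failure paths in the added script are not uniform. The `nix flake update` steps for matt-nixos, jallen-nas, pi4 and pi5 exit without `git reset --hard` while the steamdeck step does reset, so a failed update may leave a modified `flake.lock` in /etc/nixos for the next run. Each success path also runs `git add .` as root (`User = "root"` in the unit), which stages every untracked file in the working directory and later pushes it; `git add flake.lock` limits the commit to what the step changed. Folding the five copies into one helper, as sketched below, fixes both and removes the copy-paste slips in the messages ("Dteamdeck", "pif", and "failed to build" printed for a failed update). The script's opening lines are outside the hunk, so whether `set -e` is in effect is not visible here.

```nix
      # … unchanged: cd into the checkout, git pull …

      # update_and_build HOST LABEL INPUT...
      update_and_build() {
        host="$1"; label="$2"; shift 2
        echo "Starting build of $host at $(date)"
        if ! nix flake update "$@"; then
          echo "$host flake failed to update at $(date)"
          git reset --hard
          exit 1
        fi
        echo "$host flake updated successfully at $(date)"
        if ! nix build ".#nixosConfigurations.$host.config.system.build.toplevel" --no-link; then
          echo "$host failed to build at $(date)"
          git reset --hard
          exit 1
        fi
        echo "$host built successfully at $(date)"
        # Stage only the lock file so stray files in the checkout are never pushed.
        git add flake.lock
        git commit -m "$label Updates $(date)"
      }

      update_and_build matt-nixos Desktop desktop-nixpkgs desktop-chaotic desktop-home-manager desktop-impermanence desktop-lanzaboote desktop-nixos-hardware desktop-sops-nix desktop-steam-rom-manager nixpkgs-unstable nixpkgs-stable nixpkgs-darwin
      # … steamdeck, jallen-nas, pi4 and pi5 follow with their own input lists …

      git push
```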
diff --git a/hosts/pi4/configuration.nix b/hosts/pi4/configuration.nix index 53e297a..48c9ec2 100755 --- a/hosts/pi4/configuration.nix +++ b/hosts/pi4/configuration.nix @@ -18,6 +18,18 @@ in ./sops.nix ../default.nix ]; + + nix = { + settings = { + substituters = [ + "https://cache.mjallen.dev" + ]; + trusted-public-keys = [ + "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" + ]; + }; + }; + programs.zsh.enable = true; hardware.i2c.enable = true; diff --git a/hosts/pi5/configuration.nix b/hosts/pi5/configuration.nix index 0ff7375..26fa76e 100755 --- a/hosts/pi5/configuration.nix +++ b/hosts/pi5/configuration.nix @@ -25,9 +25,11 @@ in settings = { substituters = [ "https://nixos-raspberrypi.cachix.org" + "https://cache.mjallen.dev" ]; trusted-public-keys = [ "nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI=" + "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc=" ]; }; }; diff --git a/modules/desktop-environments/gnome/default.nix b/modules/desktop-environments/gnome/default.nix index 1cad595..78d2df8 100644 --- a/modules/desktop-environments/gnome/default.nix +++ b/modules/desktop-environments/gnome/default.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ lib, pkgs, ... }: { services = { # Enable Desktop Environment.